CI/CD

Assembla: Cloud Version Control for the Enterprise

9 May 2018 10:05am, by

In the world of code management, something’s been missing at the enterprise level, according to Paul Lynch, CEO of San Antonio-based Assembla.

Assembla offers a single control point for three repositories: Git, Subversion and Perforce. It’s focused on enterprise-grade version control, specifically for healthcare, game development and industrial clients. The Apache Software Foundation on Monday announced the latest version of Subversion, v1.10.0.

Assembla calls its iteration of Subversion NextGenSVN, and has collaborated with the open source community to include shelving — the ability to temporarily set aside in-process changes and go back to the previous version, for example, to go fix something — and checkpointing, a feature it says is “coming soon,” that allows you to go back to specific points in the work.

Lynch maintains that popular code repositories — GitHub, GitLab and others — are developer tools that lack the security, performance and compliance that enterprises require.

“We’re not better; we’re different,” Lynch said. “They don’t play in our space. They manage huge amounts of data and help small developer teams. When you want to get into enterprise wraparounds and white-glove type of solutions, [enterprises’] only real viable solution would be GitHub enterprise, which is effectively an on-prem tool. We need to get source code out of on-prem and into managed repositories.”

RightScale’s 2018 State of the Cloud report notes the ongoing trend toward public cloud use — up 7 percent in the past year among respondents — while it found plans to build and maintain a private cloud declining.

“Enterprises tend to have lots of development teams and each team has different requirements for the version control system they wish to use, so we can deliver all three,” Lynch said.

New Direction

San Antonio-based venture equity firm Scaleworks acquired Assembla, then a mature 12-year-old company, in March 2016.

In addition to Assembla, Scaleworks manages billing software Chargify, virtual mail system Earth Class Mail, content uploading API Filestack, reminder service Followup, customer decision analysis firm Qualaroo, email API service Mailgun and recently acquired developer data analytics software Keen.io.

At its acquisition, Assembla offered a web application-development platform with a strong pedigree in version control, but the business was flat.

In discussions with customers yielded a common theme: They wanted to put their source code in the cloud, but they didn’t see an enterprise-grade product to buy in that space. That led to a new direction for the company: enterprise cloud version control.

Future Markets Insights predicts that version control will be a $971.8 million global market by 2027. And G2Crowd ranks Git and Subversion as market leaders overall in its “Best Version Control Systems” for 2018, analysis, though Subversion slips to “high performer” in its enterprise category.

While German software vendor elego Software Solutions offers Git and Subversion for its on-prem installations, and there are distributed version control systems such as Fossil, Darcs and Pijul, there are three major must-haves for enterprises looking to move code to cloud repositories, according to Lynch: performance, compliance and security.

The company’s business has doubled since it took this new direction, according to Lynch.

It’s investing heavily in code analysis and security, both its own internal security and that of clients.

With so many breaches a result of code vulnerabilities such as Amazon credentials or passwords in public-facing repositories, it only makes sense to focus on security and scan for vulnerabilities there, Lynch said.

“There’s a weird graph around security. We’ve never spent more money around securing live applications … yet every year we see more and more data breaches. I’m not saying we shouldn’t be securing endpoint solutions, but we’re overly focusing on live production and under-focusing on source code,” he said.

To provide the compliance piece, it has gained certification for the EU-U.S. Privacy Shield Framework, SOC II Type 1, HIPAA and PCI Level 3.

Few version control vendors have these certifications, Lynch said. And as of May 24, it will be General Data Protection Regulation (GDPR)-compliant. The company built a European stack that’s completely separate from its U.S. presence, so it’s able to offer standalone European hosting for European customers.

Assembla acquired the desktop app Cornerstone in December and subsequently released Cornerstone 4 with shelving and checkpointing.

“It’s an area we want to look at further — making acquisitions around code optimization, distribution, identity access/control — those kinds of things,” he said.

And it plans to make further technology investments in Subversion and Git.

Assembla hired senior Subversion committer Julian Foad last summer to improve the project’s cloud capabilities and has been releasing its improvements back into the open source project, Lynch said. Foad is community release manager for 1.10.

Among the features in the new open source release:

  • New interactive conflict resolver to better automate the process of merging.
  • Adding LZ4 compression to the backend for increased commit performance.
  • An upgrade to the HTTP(S) transport that brings it closer to SVN+SSH performance while retaining the infrastructure simplicity inherent in HTTP(S).
  • Shelving as an experimental feature.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.